Commit 122ca71

committed
what's new item
1 parent 99271b5 commit 122ca71

File tree

2 files changed: +35 -15 lines changed

articles/sentinel/monitor-data-connector-health.md

Lines changed: 23 additions & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -13,11 +13,11 @@ ms.author: yelevin
1313

1414
[!INCLUDE [Banner for top of topics](./includes/banner.md)]
1515

16-
After you've configured and connected your Azure Sentinel workspace to your workspace, you'll want to monitor your connector health, viewing any service or data source issues, such as authentication, throttling, and more.
16+
After you've configured and connected your Microsoft Sentinel workspace to your workspace, you'll want to monitor your connector health, viewing any service or data source issues, such as authentication, throttling, and more.
1717

1818
You also might like to configure notifications for health drifts for relevant stakeholders who can take action. For example, configure email messages, Microsoft Teams messages, new tickets in your ticketing system, and so on.
1919

20-
This article describes how to use the following features, which allow you to keep track of your data connectors' health, connectivity, and performance from within Azure Sentinel:
20+
This article describes how to use the following features, which allow you to keep track of your data connectors' health, connectivity, and performance from within Microsoft Sentinel:
2121

2222
- **Data connectors health monitoring workbook**. This workbook provides additional monitors, detects anomalies, and gives insight regarding the workspace’s data ingestion status. You can use the workbook’s logic to monitor the general health of the ingested data, and to build custom views and rule-based alerts.
2323

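Review bot: the first `-`/`+` pair in this hunk renames the product but keeps the phrase "connected your Microsoft Sentinel workspace to your workspace", which reads as a workspace connected to itself and is almost certainly a leftover copy error; since the line is being touched anyway, reword it to say what is actually connected, for example "After you've configured Microsoft Sentinel and connected your data sources to your workspace, ...".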
@@ -27,6 +27,7 @@ This article describes how to use the following features, which allow you to kee
2727
> The *SentinelHealth* data table is currently supported only for selected data connectors. For more information, see [Supported data connectors](#supported-data-connectors).
2828
>
2929
30+
3031
## Use the health monitoring workbook
3132

3233
1. From the Microsoft Sentinel portal, select **Workbooks** from the **Threat management** menu.
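Review bot: the only change in this hunk is the empty line added at 30+, which leaves two consecutive blank lines between the closing `>` of the note and the `## Use the health monitoring workbook` heading; one blank line is enough, so this hunk can be dropped.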
@@ -41,9 +42,9 @@ This article describes how to use the following features, which allow you to kee
4142

4243
There are three tabbed sections in this workbook:
4344

44-
1. The **Overview** tab shows the general status of data ingestion in the selected workspace: volume measures, EPS rates, and time last log received.
45+
- The **Overview** tab shows the general status of data ingestion in the selected workspace: volume measures, EPS rates, and time last log received.
4546

46-
1. The **Data collection anomalies** tab will help you to detect anomalies in the data collection process, by table and data source. Each tab presents anomalies for a particular table (the **General** tab includes a collection of tables). The anomalies are calculated using the **series_decompose_anomalies()** function that returns an **anomaly score**. [Learn more about this function](/azure/data-explorer/kusto/query/series-decompose-anomaliesfunction?WT.mc_id=Portal-fx). Set the following parameters for the function to evaluate:
47+
- The **Data collection anomalies** tab will help you to detect anomalies in the data collection process, by table and data source. Each tab presents anomalies for a particular table (the **General** tab includes a collection of tables). The anomalies are calculated using the **series_decompose_anomalies()** function that returns an **anomaly score**. [Learn more about this function](/azure/data-explorer/kusto/query/series-decompose-anomaliesfunction?WT.mc_id=Portal-fx). Set the following parameters for the function to evaluate:
4748

4849
- **AnomaliesTimeRange**: This time picker applies only to the data collection anomalies view.
4950
- **SampleInterval**: The time interval in which data is sampled in the given time range. The anomaly score is calculated only on the last interval's data.
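Review bot: the `?WT.mc_id=Portal-fx` tracking parameter on the series_decompose_anomalies() link in the Data collection anomalies bullet is a campaign tag, not part of the docs path, and should be dropped while this line is being edited. The `1.` to `-` change itself is right: the three items are separated by images and nested lists, so each `1.` would otherwise render as the start of a new list rather than continuing the count.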
@@ -52,7 +53,7 @@ There are three tabbed sections in this workbook:
5253

5354
:::image type="content" source="media/monitor-data-connector-health/data-health-workbook-2.png" alt-text="data connector health monitoring workbook anomalies page" lightbox="media/monitor-data-connector-health/data-health-workbook-2.png":::
5455

55-
1. The **Agent info** tab shows you information about the health of the Log Analytics agents installed on your various machines, whether Azure VM, other cloud VM, on-premises VM, or physical. You can monitor the following:
56+
- The **Agent info** tab shows you information about the health of the Log Analytics agents installed on your various machines, whether Azure VM, other cloud VM, on-premises VM, or physical. You can monitor the following:
5657

5758
- System location
5859

@@ -68,14 +69,19 @@ There are three tabbed sections in this workbook:
6869

6970
## Use the SentinelHealth data table (Public preview)
7071

71-
To get data connector health data from the *SentinelHealth* data table, you must first [turn on the Azure Sentinel health feature](#turn-on-azure-sentinel-health-for-your-workspace) for your workspace.
72+
To get data connector health data from the *SentinelHealth* data table, you must first [turn on the Microsoft Sentinel health feature](#turn-on-azure-sentinel-health-for-your-workspace) for your workspace.
7273

7374
Once the health feature is turned on, the *SentinelHealth* data table is created at the first success or failure event generated for your data connectors.
7475

7576
> [!TIP]
7677
> To configure the retention time for your health events, see the [Log Analytics retention configuration documentation](/azure/azure-monitor/logs/manage-cost-storage).
7778
>
7879
80+
> [!IMPORTANT]
81+
>
82+
> The SentinelHealth data table is currently in **PREVIEW**. See the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) for additional legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
83+
>
84+
7985
### Supported data connectors
8086

8187
The *SentinelHealth* data table is currently supported only for the following data connectors:
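Review bot: the link fragment `#turn-on-azure-sentinel-health-for-your-workspace` on the 72+ line still points at the old heading, while this same diff renames that heading to "Turn on Microsoft Sentinel health for your workspace", so the generated anchor becomes `#turn-on-microsoft-sentinel-health-for-your-workspace` and this in-page link breaks; update the fragment together with the heading.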
@@ -87,9 +93,9 @@ The *SentinelHealth* data table is currently supported only for the following da
8793
- [Threat Intelligence - TAXII](connect-threat-intelligence-taxii.md)
8894
- [Threat Intelligence Platforms](connect-threat-intelligence-tip.md)
8995

90-
### Turn on Azure Sentinel health for your workspace
96+
### Turn on Microsoft Sentinel health for your workspace
9197

92-
1. In Azure Sentinel, under the **Configuration** menu on the left, select **Settings** and expand the **Health** section.
98+
1. In Microsoft Sentinel, under the **Configuration** menu on the left, select **Settings** and expand the **Health** section.
9399

94100
1. Select **Configure Diagnostic Settings** and create a new diagnostic setting.
95101

@@ -106,7 +112,7 @@ The *SentinelHealth* data table is created at the first success or failure event
106112

107113
### Access the *SentinelHealth* table
108114

109-
In the Azure Sentinel **Logs** page, run a query on the *SentinelHealth* table. For example:
115+
In the Microsoft Sentinel **Logs** page, run a query on the *SentinelHealth* table. For example:
110116

111117
```kusto
112118
SentinelHealth
@@ -121,7 +127,7 @@ The following types of health events are logged in the *SentinelHealth* table:
121127

122128
If the data connector's status changes, either from a success to failure, from failure to success, or has changes in failure reasons, the event is logged immediately to allow your team to take proactive and immediate action.
123129

124-
Potentially transient errors, such as source service throttling, are logged only after they've continued for more than 60 minutes. These 60 minutes allow Azure Sentinel to overcome a transient issue in the backend and catch up with the data, without requiring any user action. Errors that are definitely not transient are logged immediately.
130+
Potentially transient errors, such as source service throttling, are logged only after they've continued for more than 60 minutes. These 60 minutes allow Microsoft Sentinel to overcome a transient issue in the backend and catch up with the data, without requiring any user action. Errors that are definitely not transient are logged immediately.
125131

126132
- **Failure summary**. Logged once an hour, per connector, per workspace, with an aggregated failure summary. Failure summary events are created only when the connector has experienced polling errors during the given hour. They contain any extra details provided in the *ExtendedProperties* column, such as the time period for which the connector's source platform was queried, and a distinct list of failures encountered during the time period.
127133

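Review bot: the 60-minute holding window for transient errors described in the 130+ line is a caveat the alerting section should repeat: an Azure Monitor alert rule that queries *SentinelHealth* will not see a throttling failure until it has persisted for more than an hour, so readers tuning alert frequency and lookback need to know that transient failures surface with up to 60 minutes of delay while hard failures are logged immediately.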
@@ -186,11 +192,11 @@ lastestStatus
186192

187193
### Configure alerts and automated actions for health issues
188194

189-
While you can use the Azure Sentinel [analytics rules](automate-incident-handling-with-automation-rules.md) to configure automation in Azure Sentinel logs, if you want to be notified and take immediate action for health drifts in your data connectors, we recommend that you use [Azure Monitor alert rules](/azure/azure-monitor/alerts/alerts-overview).
195+
While you can use the Microsoft Sentinel [analytics rules](automate-incident-handling-with-automation-rules.md) to configure automation in Microsoft Sentinel logs, if you want to be notified and take immediate action for health drifts in your data connectors, we recommend that you use [Azure Monitor alert rules](/azure/azure-monitor/alerts/alerts-overview).
190196

191197
For example:
192198

193-
1. In an Azure Monitor alert rule, select your Azure Sentinel workspace as the rule scope, and **Custom log search** as the first condition.
199+
1. In an Azure Monitor alert rule, select your Microsoft Sentinel workspace as the rule scope, and **Custom log search** as the first condition.
194200

195201
1. Customize the alert logic as needed, such as frequency or lookback duration, and then use [queries](#run-queries-to-detect-health-drifts) to search for health drifts.
196202

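Review bot: the link text on the 195+ line says "analytics rules" but the target is automate-incident-handling-with-automation-rules.md, which documents automation rules; analytics rules and automation rules are different Sentinel features, so either change the text to "automation rules" or point the link at the analytics rules article.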
@@ -204,18 +210,20 @@ The following table describes the columns and data generated in the *SentinelHea
204210

205211
| ColumnName | ColumnType | Description|
206212
| ----------------------------------------------- | -------------- | --------------------------------------------------------------------------- |
207-
| **TenantId** | String | The tenant ID for your Azure Sentinel workspace. |
213+
| **TenantId** | String | The tenant ID for your Microsoft Sentinel workspace. |
208214
| **TimeGenerated** | Datetime | The time at which the health event occurred. |
209215
| <a name="operationname"></a>**OperationName** | String | The health operation. One of the following values: <br><br>-`Data fetch status change` for health or success indications <br>- `Failure summary` for aggregated health summaries. <br><br>For more information, see [Understanding SentinelHealth table events](#understanding-sentinelhealth-table-events). |
210-
| <a name="sentinelresourceid"></a>**SentinelResourceId** | String | The unique identifier of the Azure Sentinel workspace and the associated connector on which the health event occurred. |
216+
| <a name="sentinelresourceid"></a>**SentinelResourceId** | String | The unique identifier of the Microsoft Sentinel workspace and the associated connector on which the health event occurred. |
211217
| **SentinelResourceName** | String | The data connector name. |
212218
| <a name="status"></a>**Status** | String | Indicates `Success` or `Failure` for the `Data fetch status change` [OperationName](#operationname), and `Informational` for the `Failure summary` [OperationName](#operationname). |
213219
| **Description** | String | Describes the operation, including extended data as needed. For example, for failures, this column might indicate the failure reason. |
214220
| **WorkspaceId** | String | The workspace GUID on which the health issue occurred. The full Azure Resource Identifier is available in the [SentinelResourceID](#sentinelresourceid) column. |
215-
| **SentinelResourceType** | String |The Azure Sentinel resource type being monitored: `Data connector`|
221+
| **SentinelResourceType** | String |The Microsoft Sentinel resource type being monitored: `Data connector`|
216222
| **SentinelResourceKind** | String | The type of data connector being monitored, such as `Office365`. |
217223
| **RecordId** | String | A unique identifier for the record that can be shared with the support team for better correlation as needed. |
218224
| **ExtendedProperties** | Dynamic (json) | A JSON bag that varies by the [OperationName](#operationname) value and the [Status](#status) of the event: <br><br>- For `Data fetch status change` events with a success indicator, the bag contains a ‘DestinationTable’ property to indicate where data from this connector is expected to land. For failures, the contents vary depending on the failure type. |
219225
| **Type** | String | `SentinelHealth` |
226+
227+
220228
## Next steps
221229
Learn how to [onboard your data to Microsoft Sentinel](quickstart-onboard.md), [connect data sources](connect-data-sources.md), and [get visibility into your data, and potential threats](get-visibility.md).
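Review bot: the two empty lines added at 226+ and 227+ give three consecutive blank lines before `## Next steps`; one is enough. Also, the ExtendedProperties row quotes the property name as ‘DestinationTable’ with curly quotes while every other literal in this table uses backticks (`Success`, `Data connector`, `Office365`); use `DestinationTable` for consistency.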

articles/sentinel/whats-new.md

Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -27,6 +27,18 @@ If you're looking for items older than six months, you'll find them in the [Arch
2727
>
2828
> You can also contribute! Join us in the [Microsoft Sentinel Threat Hunters GitHub community](https://github.com/Azure/Azure-Sentinel/wiki).
2929
30+
## January 2022
31+
32+
- [SentinelHealth data table](#sentinel-health-data-table)
33+
34+
### SentinelHealth data table (Public preview)
35+
36+
Microsoft Sentinel now provides the **SentinelHealth** data table to help you monitor your connector health, providing insights on health drifts, such as latest failure events per connector, or connectors with changes from success to failure states. Use this data to create alerts and other automated actions, such as Microsoft Teams messages, new tickets in a ticketing system, and so on.
37+
38+
Turn on the Microsoft Sentinel health feature for your workspace in order to have the **SentinelHealth** data table created at the next success or failure event generated for supported data connectors.
39+
40+
For more information, see [Use the SentinelHealth data table (Public preview)](monitor-data-connector-health.md#use-the-sentinelhealth-data-table-public-preview).
41+
3042
## December 2021
3143

3244
- [IoT OT Threat Monitoring with Defender for IoT solution](#iot-ot-threat-monitoring-with-defender-for-iot-solution-public-preview)
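Review bot: the bullet link `#sentinel-health-data-table` on the 32+ line does not reach the heading it is meant for; by the same anchor convention this commit uses elsewhere (`#use-the-sentinelhealth-data-table-public-preview` for "Use the SentinelHealth data table (Public preview)"), the heading `### SentinelHealth data table (Public preview)` generates `#sentinelhealth-data-table-public-preview`, so the in-page link is dead as written. Also, the 38+ line says the table is created "at the next success or failure event" while monitor-data-connector-health.md in this same commit says "at the first success or failure event"; pick one wording so the two pages agree.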
